diff --git a/pairing/bn254/constants.go b/pairing/bn254/constants.go
index b65652acd..3c8396bb0 100644
--- a/pairing/bn254/constants.go
+++ b/pairing/bn254/constants.go
@@ -28,6 +28,8 @@ var p2 = [4]uint64{0x3c208c16d87cfd47, 0x97816a916871ca8d, 0xb85045b68181585d, 0
 var curveB = newGFp(3)
 // np is the negative inverse of p, mod 2^256.
+//
+//nolint:unused // maybe useful
 var np = [4]uint64{0x87d20782e4866389, 0x9ede7d651eca6ac9, 0xd8afcbd01833da80, 0xf57a22b791888c6b}
 // rN1 is R^-1 where R = 2^256 mod p.
diff --git a/pairing/bn254/gfp.go b/pairing/bn254/gfp.go
index ba95a6621..9f5b0e0fc 100644
--- a/pairing/bn254/gfp.go
+++ b/pairing/bn254/gfp.go
@@ -24,7 +24,7 @@ func newGFpFromBase10(x string) *gfP {
 bx, _ := new(big.Int).SetString(x, 10)
 bx = bx.Mod(bx, p)
 out := &gfP{}
- out.Unmarshal(zeroPadBytes(bx.Bytes(), 32))
+ _ = out.Unmarshal(zeroPadBytes(bx.Bytes(), 32))
 montEncode(out, out)
 return out
 }
diff --git a/pairing/bn254/gfp12.go b/pairing/bn254/gfp12.go
index 292775ebc..7aebeace4 100644
--- a/pairing/bn254/gfp12.go
+++ b/pairing/bn254/gfp12.go
@@ -104,9 +104,9 @@ func (e *gfP12) Mul(a, b *gfP12) *gfP12 {
 return e
 }
-func (e *gfP12) MulScalar(a *gfP12, b *gfP6) *gfP12 {
- e.x.Mul(&e.x, b)
- e.y.Mul(&e.y, b)
+func (e *gfP12) MulScalar(a *gfP6) *gfP12 {
+ e.x.Mul(&e.x, a)
+ e.y.Mul(&e.y, a)
 return e
 }
@@ -155,7 +155,7 @@ func (e *gfP12) Invert(a *gfP12) *gfP12 {
 e.x.Neg(&a.x)
 e.y.Set(&a.y)
- e.MulScalar(e, t2)
+ e.MulScalar(t2)
 return e
 }
diff --git a/pairing/bn254/gfp_decl.go b/pairing/bn254/gfp_decl.go
index 8c5429c52..21a7e21e6 100644
--- a/pairing/bn254/gfp_decl.go
+++ b/pairing/bn254/gfp_decl.go
@@ -10,6 +10,7 @@ import (
 "golang.org/x/sys/cpu"
 )
+//nolint:unused // maybe useful
 var hasBMI2 = cpu.X86.HasBMI2
 // go:noescape
diff --git a/pairing/bn254/lattice.go b/pairing/bn254/lattice.go
index f457cd30f..ed3efd4b0 100644
--- a/pairing/bn254/lattice.go
+++ b/pairing/bn254/lattice.go
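Review bot: Discarding the error from `out.Unmarshal` in newGFpFromBase10 with `_ =` quiets the linter without telling the reader why it is safe. `bx` has just been reduced with `bx.Mod(bx, p)` and `zeroPadBytes(..., 32)` fixes the width, so a rejection by Unmarshal (presumably for out-of-range or short input) should not be reachable here, and that reasoning belongs on the line: `_ = out.Unmarshal(zeroPadBytes(bx.Bytes(), 32)) // cannot fail: bx < p after Mod and the buffer is exactly 32 bytes`. The same applies to the `_ = gx.Unmarshal` / `_ = gy.Unmarshal` lines in hashToField in point.go further down this diff. Note that `bx, _ := new(big.Int).SetString(x, 10)` on the line above already drops a parse failure the same way, which is worth a comment of its own if the inputs are all compile-time constants.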
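Review bot: The new `MulScalar(a *gfP6)` signature has no doc comment, and it differs from its siblings in two ways a reader will trip over: it multiplies the receiver in place rather than writing a result computed from its arguments into `e` (compare `Mul(a, b *gfP12)` in the hunk header), and its parameter `a` is the scalar, whereas `a` in `Mul` and `Invert` names a source operand. Suggest `// MulScalar multiplies e in place by the gfP6 element a and returns e.` above the declaration, or renaming the parameter to `s` so the call `e.MulScalar(t2)` in Invert reads as scalar multiplication. The old `e.MulScalar(e, t2)` and the new call have the same effect, so this is naming and documentation only.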
@@ -18,6 +18,7 @@ var curveLattice = &lattice{
 det: bigFromBase10("43776485743678550444492811490514550177096728800832068687396408373151616991234"),
 }
+//nolint:lll,unused // maybe useful
 var targetLattice = &lattice{
 vectors: [][]*big.Int{
 {bigFromBase10("9931322734385697761"), bigFromBase10("9931322734385697761"), bigFromBase10("9931322734385697763"), bigFromBase10("9931322734385697764")},
diff --git a/pairing/bn254/optate.go b/pairing/bn254/optate.go
index c4a6b6113..2547e2266 100644
--- a/pairing/bn254/optate.go
+++ b/pairing/bn254/optate.go
@@ -46,7 +46,7 @@ func lineFunctionAdd(r, p *twistPoint, q *curvePoint, r2 *gfP2) (a, b, c *gfP2,
 b = (&gfP2{}).Neg(L1)
 b.MulScalar(b, &q.x).Add(b, b)
- return
+ return a, b, c, rOut
 }
 func lineFunctionDouble(r *twistPoint, q *curvePoint) (a, b, c *gfP2, rOut *twistPoint) {
@@ -88,7 +88,7 @@ func lineFunctionDouble(r *twistPoint, q *curvePoint) (a, b, c *gfP2, rOut *twis
 c = (&gfP2{}).Mul(&rOut.z, &r.t)
 c.Add(c, c).MulScalar(c, &q.y)
- return
+ return a, b, c, rOut
 }
 func mulLine(ret *gfP12, a, b, c *gfP2) {
diff --git a/pairing/bn254/point.go b/pairing/bn254/point.go
index 866520da6..ade7bfafd 100644
--- a/pairing/bn254/point.go
+++ b/pairing/bn254/point.go
@@ -66,7 +66,7 @@ func (p *pointG1) EmbedLen() int {
 panic("bn254.G1: unsupported operation")
 }
-func (p *pointG1) Embed(data []byte, rand cipher.Stream) kyber.Point {
+func (p *pointG1) Embed(_ []byte, _ cipher.Stream) kyber.Point {
 // XXX: An approach to implement this is:
 // - Encode data as the x-coordinate of a point on y²=x³+3 where len(data)
 // is stored in the least significant byte of x and the rest is being
@@ -152,8 +152,15 @@ func (p *pointG1) UnmarshalBinary(buf []byte) error {
 p.g.x, p.g.y = gfP{0}, gfP{0}
 }
- p.g.x.Unmarshal(buf)
- p.g.y.Unmarshal(buf[n:])
+ err := p.g.x.Unmarshal(buf)
+ if err != nil {
+ return err
+ }
+ err = p.g.y.Unmarshal(buf[n:])
+ if err != nil {
+ return err
+ }
+
 montEncode(&p.g.x, &p.g.x)
 montEncode(&p.g.y, &p.g.y)
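Review bot: The new error checks in pointG1.UnmarshalBinary return after `p.g.x.Unmarshal(buf)` has already overwritten the x coordinate, so a rejected buffer leaves `p` half-updated (new x, old y) rather than untouched; pointG2.UnmarshalBinary and pointGT.UnmarshalBinary later in this diff have the same shape. Because the buffer is external input, decoding into locals and assigning only once every coordinate parsed keeps a failed decode from leaving a usable-looking but inconsistent point (this assumes gfP is the value type the `gfP{0}` literal suggests). The errors are also returned bare, so the caller cannot tell which group or coordinate failed; wrapping them as `fmt.Errorf("bn254.G1: x coordinate: %w", err)` would match the `errors.New("bn254.G2: not enough data")` style used elsewhere in point.go, if fmt is available in the file. The opening of UnmarshalBinary, including the length check that defines `n`, is outside this hunk.

```go
	// Decode into temporaries so a rejected buffer leaves p unchanged.
	var x, y gfP
	if err := x.Unmarshal(buf); err != nil {
		return err
	}
	if err := y.Unmarshal(buf[n:]); err != nil {
		return err
	}
	p.g.x, p.g.y = x, y

	// … unchanged: montEncode calls …
```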
@@ -215,8 +222,8 @@ func hashToField(domain, m []byte) (*gfP, *gfP) {
 x.SetBytes(_msg[0:48]).Mod(x, p)
 y.SetBytes(_msg[48:96]).Mod(y, p)
 gx, gy := &gfP{}, &gfP{}
- gx.Unmarshal(zeroPadBytes(x.Bytes(), 32))
- gy.Unmarshal(zeroPadBytes(y.Bytes(), 32))
+ _ = gx.Unmarshal(zeroPadBytes(x.Bytes(), 32))
+ _ = gy.Unmarshal(zeroPadBytes(y.Bytes(), 32))
 montEncode(gx, gx)
 montEncode(gy, gy)
 return gx, gy
@@ -254,17 +261,20 @@ func mapToPoint(domain []byte, u *gfP) kyber.Point {
 gfpMul(x3, c4, x3)
 gfpAdd(x3, newGFp(1), x3)
- x, y := &gfP{}, &gfP{}
- if legendre(g(x1)) == 1 {
+ var x *gfP
+ y := &gfP{}
+ switch {
+ case legendre(g(x1)) == 1:
 x = x1
 y.Sqrt(g(x1))
- } else if legendre(g(x2)) == 1 {
+ case legendre(g(x2)) == 1:
 x = x2
 y.Sqrt(g(x2))
- } else {
+ default:
 x = x3
 y.Sqrt(g(x3))
 }
+
 if sgn0(u) != sgn0(y) {
 gfpNeg(y, y)
 }
@@ -318,11 +328,11 @@ func expandMsgXmdKeccak256(domain, msg []byte, outLen int) []byte {
 _, _ = h.Write([]byte{domainLen})
 // b_1 || ... || b_(ell - 1)
- copy(out[(i-1)*h.Size():i*h.Size()], bi[:])
+ copy(out[(i-1)*h.Size():i*h.Size()], bi)
 bi = h.Sum(nil)
 }
 // b_ell
- copy(out[(ell-1)*h.Size():], bi[:])
+ copy(out[(ell-1)*h.Size():], bi)
 return out[:outLen]
 }
@@ -376,7 +386,7 @@ func (p *pointG2) EmbedLen() int {
 panic("bn254.G2: unsupported operation")
 }
-func (p *pointG2) Embed(data []byte, rand cipher.Stream) kyber.Point {
+func (p *pointG2) Embed(_ []byte, _ cipher.Stream) kyber.Point {
 panic("bn254.G2: unsupported operation")
 }
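Review bot: In the rewritten candidate selection in mapToPoint, the three `case` branches differ only in which `xi` they pick, and each one repeats the `y.Sqrt(g(xi))` line. Choosing `x` in the switch and taking the square root once after it collapses the three Sqrt lines into one; the number of `g` evaluations is unchanged, so there is no behavioural difference provided `g` has no side effects, which its use inside `legendre(g(x1))` suggests. The `switch` is already clearer than the old if/else chain, so this is a style follow-up rather than a defect. mapToPoint starts and ends outside this hunk.

```go
	var x *gfP
	y := &gfP{}
	switch {
	case legendre(g(x1)) == 1:
		x = x1
	case legendre(g(x2)) == 1:
		x = x2
	default:
		x = x3
	}
	y.Sqrt(g(x))

	// … unchanged: sign fix-up with sgn0 …
```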
@@ -463,10 +473,23 @@ func (p *pointG2) UnmarshalBinary(buf []byte) error {
 return errors.New("bn254.G2: not enough data")
 }
- p.g.x.x.Unmarshal(buf[0*n:])
- p.g.x.y.Unmarshal(buf[1*n:])
- p.g.y.x.Unmarshal(buf[2*n:])
- p.g.y.y.Unmarshal(buf[3*n:])
+ err := p.g.x.x.Unmarshal(buf[0*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.x.y.Unmarshal(buf[1*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.y.x.Unmarshal(buf[2*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.y.y.Unmarshal(buf[3*n:])
+ if err != nil {
+ return err
+ }
+
 montEncode(&p.g.x.x, &p.g.x.x)
 montEncode(&p.g.x.y, &p.g.x.y)
 montEncode(&p.g.y.x, &p.g.y.x)
@@ -560,7 +583,7 @@ func (p *pointGT) EmbedLen() int {
 panic("bn254.GT: unsupported operation")
 }
-func (p *pointGT) Embed(data []byte, rand cipher.Stream) kyber.Point {
+func (p *pointGT) Embed(_ []byte, _ cipher.Stream) kyber.Point {
 panic("bn254.GT: unsupported operation")
 }
@@ -641,6 +664,7 @@ func (p *pointGT) MarshalTo(w io.Writer) (int, error) {
 return w.Write(buf)
 }
+//nolint:funlen
 func (p *pointGT) UnmarshalBinary(buf []byte) error {
 n := p.ElementSize()
 if len(buf) < p.MarshalSize() {
@@ -651,18 +675,55 @@ func (p *pointGT) UnmarshalBinary(buf []byte) error {
 p.g = &gfP12{}
 }
- p.g.x.x.x.Unmarshal(buf[0*n:])
- p.g.x.x.y.Unmarshal(buf[1*n:])
- p.g.x.y.x.Unmarshal(buf[2*n:])
- p.g.x.y.y.Unmarshal(buf[3*n:])
- p.g.x.z.x.Unmarshal(buf[4*n:])
- p.g.x.z.y.Unmarshal(buf[5*n:])
- p.g.y.x.x.Unmarshal(buf[6*n:])
- p.g.y.x.y.Unmarshal(buf[7*n:])
- p.g.y.y.x.Unmarshal(buf[8*n:])
- p.g.y.y.y.Unmarshal(buf[9*n:])
- p.g.y.z.x.Unmarshal(buf[10*n:])
- p.g.y.z.y.Unmarshal(buf[11*n:])
+ err := p.g.x.x.x.Unmarshal(buf[0*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.x.x.y.Unmarshal(buf[1*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.x.y.x.Unmarshal(buf[2*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.x.y.y.Unmarshal(buf[3*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.x.z.x.Unmarshal(buf[4*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.x.z.y.Unmarshal(buf[5*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.y.x.x.Unmarshal(buf[6*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.y.x.y.Unmarshal(buf[7*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.y.y.x.Unmarshal(buf[8*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.y.y.y.Unmarshal(buf[9*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.y.z.x.Unmarshal(buf[10*n:])
+ if err != nil {
+ return err
+ }
+ err = p.g.y.z.y.Unmarshal(buf[11*n:])
+ if err != nil {
+ return err
+ }
+
 montEncode(&p.g.x.x.x, &p.g.x.x.x)
 montEncode(&p.g.x.x.y, &p.g.x.x.y)
 montEncode(&p.g.x.y.x, &p.g.x.y.x)
@@ -677,7 +738,6 @@ func (p *pointGT) UnmarshalBinary(buf []byte) error {
 montEncode(&p.g.y.z.y, &p.g.y.z.y)
 // TODO: check if point is on curve
-
 return nil
 }
diff --git a/pairing/bn254/suite.go b/pairing/bn254/suite.go
index 2125e16c3..3bfd8f3b8 100644
--- a/pairing/bn254/suite.go
+++ b/pairing/bn254/suite.go
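Review bot: The twelve copies of `err = p.g.….Unmarshal(buf[i*n:]); if err != nil { return err }` in pointGT.UnmarshalBinary are what forced the `//nolint:funlen` added in the preceding hunk; since the coordinates sit at consecutive `i*n` offsets, a loop over the twelve `*gfP` pointers says the same thing in a few lines, and the same slice can drive the twelve `montEncode` calls that follow (those run on into the next hunk). Separately, `// TODO: check if point is on curve` survives the change: an element decoded from untrusted bytes is accepted with no membership check, so callers must not assume the result lies in the target group, and if the check cannot be added now the method's doc comment should say so. The function's opening lines, with the `MarshalSize` length check, are in the hunk above.

```go
	coords := [...]*gfP{
		&p.g.x.x.x, &p.g.x.x.y, &p.g.x.y.x, &p.g.x.y.y, &p.g.x.z.x, &p.g.x.z.y,
		&p.g.y.x.x, &p.g.y.x.y, &p.g.y.y.x, &p.g.y.y.y, &p.g.y.z.x, &p.g.y.z.y,
	}
	for i, c := range coords {
		if err := c.Unmarshal(buf[i*n:]); err != nil {
			return err
		}
	}
	for _, c := range coords {
		montEncode(c, c)
	}

	// … unchanged: on-curve TODO and return nil …
```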
@@ -187,7 +187,7 @@ func (c *commonSuite) Read(r io.Reader, objs ...interface{}) error {
 // Write is the default implementation of kyber.Encoding interface Write.
 func (c *commonSuite) Write(w io.Writer, objs ...interface{}) error {
- return fixbuf.Write(w, objs)
+ return fixbuf.Write(w, objs...)
 }
 // Hash returns a newly instantiated keccak256 hash function.
diff --git a/pairing/bn254/suite_test.go b/pairing/bn254/suite_test.go
index 03cca6bb0..29bd6154c 100644
--- a/pairing/bn254/suite_test.go
+++ b/pairing/bn254/suite_test.go
@@ -329,7 +329,6 @@ type tsrPoint struct {
 }
 func TestSuiteProtobuf(t *testing.T) {
- //bn := suites.MustFind("bn254.adapter")
 bn1 := NewSuiteG1()
 bn2 := NewSuiteG2()
 bnT := NewSuiteGT()
diff --git a/pairing/circl_bls12381/g1.go b/pairing/circl_bls12381/g1.go
index 8fb8b9d21..e79a6ae94 100644
--- a/pairing/circl_bls12381/g1.go
+++ b/pairing/circl_bls12381/g1.go
@@ -59,7 +59,7 @@ func (p *G1Elt) EmbedLen() int {
 panic("bls12-381: unsupported operation")
 }
-func (p *G1Elt) Embed(data []byte, r cipher.Stream) kyber.Point {
+func (p *G1Elt) Embed(_ []byte, _ cipher.Stream) kyber.Point {
 panic("bls12-381: unsupported operation")
 }
diff --git a/pairing/circl_bls12381/g2.go b/pairing/circl_bls12381/g2.go
index 4f5f912d2..56d3e4cab 100644
--- a/pairing/circl_bls12381/g2.go
+++ b/pairing/circl_bls12381/g2.go
@@ -59,7 +59,7 @@ func (p *G2Elt) EmbedLen() int {
 panic("bls12-381: unsupported operation")
 }
-func (p *G2Elt) Embed(data []byte, r cipher.Stream) kyber.Point {
+func (p *G2Elt) Embed(_ []byte, _ cipher.Stream) kyber.Point {
 panic("bls12-381: unsupported operation")
 }
diff --git a/pairing/circl_bls12381/gt.go b/pairing/circl_bls12381/gt.go
index 8224d33cc..0a3b30125 100644
--- a/pairing/circl_bls12381/gt.go
+++ b/pairing/circl_bls12381/gt.go
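Review bot: The `objs...` fix in commonSuite.Write changes what goes on the wire — before, the whole `[]interface{}` was handed to fixbuf.Write as one value — yet nothing in this commit pins the corrected behaviour; the suite_test.go change in the next hunk only drops a commented-out line. A Write-then-Read round trip of two objects through the suite (Read is declared just above this hunk) would catch a regression and document the intended contract. Since the encoding produced by Write differs from before, it is worth saying so in the commit description for anyone who persisted the old output.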
@@ -49,7 +49,7 @@ func (p *GTElt) Null() kyber.Point { p.inner.SetIdentity(); return p }
 func (p *GTElt) Base() kyber.Point { p.inner = *gtBase; return p }
-func (p *GTElt) Pick(rand cipher.Stream) kyber.Point {
+func (p *GTElt) Pick(_ cipher.Stream) kyber.Point {
 panic("bls12-381: unsupported operation")
 }
@@ -61,7 +61,7 @@ func (p *GTElt) EmbedLen() int {
 panic("bls12-381: unsupported operation")
 }
-func (p *GTElt) Embed(data []byte, r cipher.Stream) kyber.Point {
+func (p *GTElt) Embed(_ []byte, _ cipher.Stream) kyber.Point {
 panic("bls12-381: unsupported operation")
 }
diff --git a/pairing/circl_bls12381/suite.go b/pairing/circl_bls12381/suite.go
index db7c7f34e..4174dc5cc 100644
--- a/pairing/circl_bls12381/suite.go
+++ b/pairing/circl_bls12381/suite.go
@@ -38,11 +38,11 @@ func (s Suite) ValidatePairing(p1, p2, p3, p4 kyber.Point) bool {
 return out.IsIdentity()
 }
-func (s Suite) Read(r io.Reader, objs ...interface{}) error {
+func (s Suite) Read(_ io.Reader, _ ...interface{}) error {
 panic("Suite.Read(): deprecated in drand")
 }
-func (s Suite) Write(w io.Writer, objs ...interface{}) error {
+func (s Suite) Write(_ io.Writer, _ ...interface{}) error {
 panic("Suite.Write(): deprecated in drand")
 }
diff --git a/pairing/circl_bls12381/suite_test.go b/pairing/circl_bls12381/suite_test.go
index da7db5f81..e8464fc02 100644
--- a/pairing/circl_bls12381/suite_test.go
+++ b/pairing/circl_bls12381/suite_test.go
@@ -23,6 +23,8 @@ import (
 // Returns a log of the pseudorandom Points produced in the test,
 // for comparison across alternative implementations
 // that are supposed to be equivalent.
+//
+//nolint:gocyclo,cyclop // complete test, difficult to break in pieces
 func testGroup(t *testing.T, g kyber.Group, rand cipher.Stream) []kyber.Point {
 t.Logf("\nTesting group '%s': %d-byte Point, %d-byte Scalar\n", g.String(), g.PointLen(), g.ScalarLen())
@@ -77,13 +79,7 @@ func testGroup(t *testing.T, g kyber.Group, rand cipher.Stream) []kyber.Point { // Verify additive and multiplicative identities of the generator. // TODO: Check GT exp - /*fmt.Println("Inverse of base")*/ - //f := ptmp.Base().(*KyberGT).f - //newFp12(nil).inverse(f, f) - //fmt.Printf("\n-Inverse: %v\n", f) - //fmt.Println("Multiply by -1") ptmp.Mul(stmp.SetInt64(-1), nil).Add(ptmp, gen) - /*fmt.Printf(" \n\nChecking equality additive identity\nptmp: %v \n\n zero %v\n", ptmp, pzero)*/ if !ptmp.Equal(pzero) { t.Fatalf("generator additive identity doesn't work: (scalar -1 %v) %v (x) -1 (+) %v = %v != %v the group point identity", stmp.SetInt64(-1), ptmp.Mul(stmp.SetInt64(-1), nil), gen, ptmp.Mul(stmp.SetInt64(-1), nil).Add(ptmp, gen), pzero) @@ -113,7 +109,6 @@ func testGroup(t *testing.T, g kyber.Group, rand cipher.Stream) []kyber.Point { t.Fatalf("Diffie-Hellman didn't work: %v == %v (x) %v != %v (x) %v == %v", dh1, s2, p1, s1, p2, dh2) } points = append(points, dh1) - //t.Logf("shared secret = %v", dh1) // Test secret inverse to get from dh1 back to p1 if primeOrder { @@ -124,7 +119,6 @@ func testGroup(t *testing.T, g kyber.Group, rand cipher.Stream) []kyber.Point { } // Zero and One identity secrets - //println("dh1^0 = ",ptmp.Mul(dh1, szero).String()) if !ptmp.Mul(szero, dh1).Equal(pzero) { t.Fatalf("Encryption with secret=0 didn't work: %v (x) %v == %v != %v", szero, dh1, ptmp, pzero) } @@ -181,10 +175,10 @@ func testGroup(t *testing.T, g kyber.Group, rand cipher.Stream) []kyber.Point { pick := func(rand cipher.Stream) (p kyber.Point) { defer func() { - /*if err := recover(); err != nil {*/ + /* if err := recover(); err != nil {*/ //// TODO implement Pick for GT - //p = g.Point().Mul(g.Scalar().Pick(rand), nil) - //return + // p = g.Point().Mul(g.Scalar().Pick(rand), nil) + // return /*}*/ }() p = g.Point().Pick(rand) 
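Review bot: After the last hunk on this line the deferred function inside the `pick` closure of testGroup is entirely commented out, so `defer func() { ... }()` executes nothing and only the spacing of the dead `recover` scaffold changed. Either drop the defer and keep the intent as a plain comment above the call, `// TODO implement Pick for GT; fall back to g.Point().Mul(g.Scalar().Pick(rand), nil) once it panics no more`, or add a one-line note saying why the scaffold is retained. testGroup begins and ends outside these hunks.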
@@ -292,7 +286,7 @@ func TestKyberPairingG2(t *testing.T) {
 require.False(t, p1.Equal(pRandom))
 }
-func TestRacePairings(t *testing.T) {
+func TestRacePairings(_ *testing.T) {
 s := this.Suite{}
 a := s.G1().Scalar().Pick(s.RandomStream())
 aG := s.G1().Point().Mul(a, nil)
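Review bot: Renaming the parameter to `_` in `TestRacePairings(_ *testing.T)` makes explicit that the test asserts nothing and can only fail by panicking or by a race-detector report; that is a legitimate shape for a `-race` smoke test, but it should be stated so nobody later "fixes" it by reintroducing `t` without adding assertions. Suggest a doc comment `// TestRacePairings makes no assertions; it exists to run concurrent pairings under -race.` The body of the test continues past the end of this hunk.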